Hi Rancher users,
I deployed Rancher with self certificates with a private CA option. The Rancher GUI came up and when I try to create a new cluster, it is stuck in provisioning state with an error ‘check etcd logs’. The etcd logs say:
tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kube-ca")", ServerName ""
Here are my steps:
- cluster.yml:
```yaml
cluster_name: Ram-Kube
ssh_key_path: /home/ec2-user/.ssh/id_rsa
nodes:
  - address: 10.0.9.205
    internal_address: 10.0.9.205
    user: ec2-user
    role: [controlplane,worker,etcd]
  - address: 10.0.9.197
    internal_address: 10.0.9.197
    user: ec2-user
    role: [worker]
  - address: 10.0.10.177
    internal_address: 10.0.10.177
    user: ec2-user
    role: [worker]
services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h
network:
  plugin: weave
ingress:
  provider: nginx
  options:
    use-forwarded-headers: 'true'
```
- rke up --config ./cluster.yml
kubectl create namespace cattle-system
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=tls.crt --key=tls.key
kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem=./cacerts.pem
kubectl -n cattle-system create secret generic tls-ca-additional --from-file=ca-additional.pem=./ca-additional.pem
- helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher-draco.asc-dev.io --set ingress.tls.source=secret --set privateCA=true --kubeconfig ./kube_config_cluster.yml --set additionalTrustedCAs=true
Do you see the incorrect configuration parameter in the steps above?
Thanks in advance.
Ram